Generating a new SSH Key Pair
- Run
ssh-keygen -t rsa -b 4096
- When prompted, enter a passphrase
- SSH keys should be stored in
~/.ssh/
Importing Public Key to Remote Machine
Option #1 - Manual Configuration
- SSH into remote server, with username + password
cd
into your/home
directory, andmkdir .ssh
- Copy public key from local to remote machine
scp ~/.ssh/my_key.pub user@0.0.0.0:/home/username/.ssh/my_key.pub
- Append SSH public key to authorized hosts file
cat ~/.ssh/my_key.pub >> ~/.ssh/authorized_keys
- Set permissions for
- the .ssh directory (read, write, execute):
chmod 700 ~/.ssh/
- and the SSH keys (read, write):
chmod 600 ~/.ssh/*
- the .ssh directory (read, write, execute):
Option #2 - SSH Copy ID Command
Alternatively, the SSH Copy ID command will upload your public key to the remote server and update .ssh/authorized_keys
After generating an SSH key pair, simply run ssh-copy-id user@0.0.0.0
(with your username, IP and any other SSH flags)
Disable Password Authentication
- Make a backup of the sshdconfig file, before modifying it `sudo cp /etc/ssh/sshdconfig.backup`
- Turn off password authentication
sudo vim /etc/ssh/sshd_config
- Find
#PasswordAuthentication yes
and replace withPasswordAuthentication no
- Save and exit
- Restart SSH service
sudo service ssh restart
Further Links
- The OpenSSH Project: https://www.openssh.com
- SSH-KeyGen Documentation: https://linux.die.net/man/1/ssh-keygen
- Detailed tutorial for SSH-KeyGen: https://www.ssh.com/ssh/keygen
- Short Video Guide, by Corey Schafer: https://youtu.be/vpk_1gldOAE